• Aceticon@lemmy.world
      1 year ago

      There are ways:

      • The encryption protocol might have a weakness
      • One or both of the devices might be compromised
      • The actual application design might have a weakness
      • The actual application might be compromised (i.e. on purpose rather than an unknown design flaw)
      • The mechanism for generating the actual keys might have a weakness (for example, for a while the symmetrical key generation for HTTPS in the Mozilla browser was a lot less random than it was supposed to be so those connections were a lot easier to crack)
      • The mechanism for distributing the keys might have a weakness

      Ultimately the one truly safe encryption mechanism is the One Time Pad, and that requires a key as long as the message (hence why seldom used) distributed in a safe way (for starters, never over a public network) and there’s still the whole “compromised device” and “compromised application” risks (though implementing the One Time Pad protocol is stupidly simple)
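
A sketch of the one-time pad mentioned in the comment above, added here as an illustration and not written by the commenter: it enforces the "key as long as the message" rule by consuming pad bytes exactly once, and shows what leaks when the same pad bytes are reused. The class and function names and the sample messages are constructed for this example, and the OS CSPRNG (`secrets`) stands in for pad generation.

```python
import secrets


class OneTimePad:
    """Pad material shared in advance; every pad byte is used at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # pad bytes before this offset are already spent

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        # Refuse to encrypt rather than wrap around and reuse pad bytes.
        if n > self.remaining():
            raise ValueError("pad exhausted: key must be as long as the message")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def apply(self, data: bytes) -> bytes:
        """XOR data with fresh pad bytes; the same call encrypts and decrypts."""
        return bytes(d ^ k for d, k in zip(data, self._take(len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> dict:
    pad = secrets.token_bytes(64)  # constructed sample pad, held by both sides
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    m1, m2 = b"meet at the north gate", b"bring the spare laptop"  # constructed
    c1, c2 = sender.apply(m1), sender.apply(m2)  # consumes 22 + 22 pad bytes
    roundtrip = (receiver.apply(c1), receiver.apply(c2))

    # Failure mode: both messages encrypted with the SAME pad bytes.
    r1, r2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    # The pad cancels out, so the ciphertexts alone reveal m1 XOR m2.
    reuse_leaks = xor_bytes(r1, r2) == xor_bytes(m1, m2)
    return {"roundtrip": roundtrip, "left": sender.remaining(),
            "reuse_leaks": reuse_leaks}


if __name__ == "__main__":
    print(demo())
```
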